AutoFTP Manager FTP Client Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with AutoFTP Manager FTP Client and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to write files into a user's Startup folder to execute malicious code when the user logs on. Impact Level: Application.

Solution

Upgrade AutoFTP Manager FTP Client to recent versions, For updates refer to http://www.deskshare.com/download.aspx

Insight

The flaw exists due to error in handling of certain crafted file names. It does not properly sanitise filenames containing directory traversal sequences that are received from an FTP server.

Affected

AutoFTP Manager FTP Client 4.31(4.3.1.0) and prior.

References

http://en.securitylab.ru/nvd/396970.php
http://www.htbridge.ch/advisory/directory_traversal_in_autoftp_manager.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3104
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

EFTP tells if a given file exists
SolarFTP PASV Command Remote Denial of Service Vulnerability
Open-FTPD Authentication Bypass Vulnerability
pyftpdlib FTP Server Multiple Vulnerabilities
FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability

Take action and discover your vulnerabilities